13d717c445b2b41d79a0def49eefe9d3fb1c36beaa6bcf4c68bd6dbaa860b472

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b29ff36a0618230a920cd9294a7ca770N.exe
Size

101KB
MD5

b29ff36a0618230a920cd9294a7ca770
SHA1

0e0b512aa57a268c7cfc2bef23ca5e371cf41251
SHA256

13d717c445b2b41d79a0def49eefe9d3fb1c36beaa6bcf4c68bd6dbaa860b472
SHA512

0cb700d9059e0c00d53f98ec39aac8cab191739a6e1c270888eb2e7f7054a637e423c85afb63bc21f54ffc16219c786b39ee7581d9e576494f0729d0a6bdd1ae
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShZQ4PN54PNwYHB10YHB1Rfm:6DWp4W6YHB10YHB1Rfm

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (317) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\ConvertMove.htm.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	b29ff36a0618230a920cd9294a7ca770N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b29ff36a0618230a920cd9294a7ca770N.exe

C:\Users\Admin\AppData\Local\Temp\b29ff36a0618230a920cd9294a7ca770N.exe
"C:\Users\Admin\AppData\Local\Temp\b29ff36a0618230a920cd9294a7ca770N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
102KB

MD5
8b1fb9674e81a1a5cfb6a647044123f5

SHA1
a0191b71c8b941daa1b1ecd5667c417b4815bb43

SHA256
c09028641510a64ecf366f0538dd09af04aad5d2a68bf10efc519d4046c18b67

SHA512
8fa13b98c43e457004d3e496ffabe79702a284509e10c3b256e461d2ed810e6f90464d08cc8df144114eb4bd4db1e16be93e8d21a490dd53b1bba5ebd6ba073d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
5e75baeacce8dab72b3ee184bcd3c392

SHA1
b75d005789e857cf51bc0e54f5929dd0144b7a1b

SHA256
d33c9eaa5ef548769eca4389cc8f29071ea52e7a34b5ac9b79e2f4e66c6c92a7

SHA512
3a032ffeb43d0e97879a6136e2262d6256cced10fd696193512fbc20609915984f0526909c8adff9c27a996db8e51131606e3f1ba186c1ca9e469c231ae93f29

Download Submit